>
    Strata Copilot
    Create Multi-interface Devices
    Focus
    Download PDF
    Focus
    1. Home
    2. Device Security
    3. Device Security Administration Guide
    4. Discover IoT Devices and Take Inventory
    5. Create Multi-interface Devices
    Download PDF
    Device Security

    Create Multi-interface Devices

    Table of Contents

    Create Multi-interface Devices

    Merge two or more devices into a multi-interface device.
    Where Can I Use This?What Do I Need?
    • Device Security (Managed by Strata Cloud Manager)
    • (Legacy) IoT Security (Standalone portal)
    One of the following subscriptions:
    • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
    • Device Security X subscription
    Some devices have multiple network interfaces. These can be networking and security devices like L3 switches and firewalls with multiple network ports or physical endpoint devices, such as printers, that can connect to both wired and wireless networks.
    Because each interface on a multi-interface device has its own MAC address and IP address, Device Security initially considers each interface as a separate single-interface device. This can result in duplicate devices in your asset inventory and duplicate vulnerabilities. When Device Security detects two or more devices that share common attributes, such as hostname or serial number, it provides a recommendation for you to group them as different interfaces on the same multi-interface device. In addition to accepting the recommendation as is, you can modify or ignore the recommendation and merge other devices instead. The merge process involves assigning one “device” as the primary interface and the others as secondary interfaces. When you do this, Device Security applies the device-level attributes of the primary interface to the entire multi-interface device while retaining the network-level attributes for each interface.
    If you have a Device Security X subscription license, each interface consumes a separate device license until they are merged into a single multi-interface device.
    Device-level attributes originally learned from the device assigned to be the primary interface and then applied to all merged interfaces
    Network-level attributes originally learned on each previously unmerged device and retained for interfaces on the merged device
    Category
    IP address
    Device name
    MAC address
    Endpoint protection (vendor)
    OUI vendor (NIC vendor)
    Model
    Site
    OS group
    Status (network connectivity)
    OS combined (OS group + OS version)
    Subnet
    Patient health information support (Medical IoT only)
    Switch
    Profile
    Tags
    Risk level
    Wireless access point
    Risk score
    VLAN
    Serial number
    All network attributes except those for CMMS (computerized maintenance management system), EDR (endpoint detection and response), and External Inventory
    Type
    All traffic attributes except the following: Software, Software Components, and Restricted Traffic.
    Vendor
    These attributes are assigned to a multi-interface device at the time individual devices are merged and become interfaces on a single device. After the merge, they can continue to change based on the network behaviors that Device Security observes. Device Security also merges vulnerabilities, security alerts, risk scores, and reports of the previously separate devices as they become interfaces on one device.
    Merge Devices into a Multi-interface Device
    You can merge one or more devices into a single multi-interface device based on Device Security recommendations or create your own multi-interface device without recommendations. When Device Security has recommendations, it displays a notification above the Inventory table on the AssetsDevices page.
    1. View the groups of two or more single-interface devices that Device Security recommends be merged into multi-interface devices.
      1. To see the list, click View All Recommendations above the Inventory table.
        A panel opens on the right of the Devices page showing all the devices that Device Security recommends merging together and the reason for each recommendation.
      2. Click the arrow to the left of a recommendation to see the individual devices to be merged.
        Device Security displays the name and profile of each single-interface device that it recommends merging into one multi-interface device.
        Clicking Create starts the merge process. Clicking Dismiss permanently dismisses the recommendation. However, if a dismissed recommendation changes—a device is added to the original recommendation or removed from it—Device Security will make a revised recommendation.
    2. Merge individual devices into a single multi-interface device.
      1. Click Create for the multi-interface device you want to create.
        This launches a three-step process, the first of which is the selection of devices to merge. The devices that Device Security chose appear in a Selected Devices section above the rest of the devices in the All Devices section.
      2. Keep the Device Security-recommended devices selected if you want to include them in the multi-interface device, clear any you want to exclude, and add more from the All Devices table if you think they should also be included.
        Any devices that you select in All Devices are also shown in Selected Devices.
        You can’t add a previously merged multi-interface device to another multi-interface device.
      3. When you’re satisfied, click Next.
      4. Select the primary interface of the multi-interface device.
        While all interfaces retain their network-specific attributes (IP address, MAC address, subnet, and VLAN), the merged device will use the physical device attributes from the primary interface. You might consider choosing the interface that processes the most traffic because Device Security most likely has the most data from this interface and, therefore, the most accurate device identification and risk analysis. If you have a dedicated management subnet and VLAN on your network, another option is to choose the interface in that subnet and VLAN.
      5. After you’ve selected the primary interface for the device, click Next and then expand different sections to review the merged attributes.
        You can click Expand All to view all six sets of attributes at once and then Collapse All to close them together. You can reduce the height of expanded sections by clicking Hide Empty Fields. To see all fields-–both those with data and those without—click Show Empty Fields.
        You can also see this information later in the Attributes section on the Device DetailsNew device page after you create the multi-interface device.
      6. When you’re satisfied and want to complete the merge process, click Create.
      7. To see the merged device on the Assets > Devices page, add a filter to show multi-interface devices.
        The newly created multi-interface appears in the Inventory table with the multi-interface device icon (
        ) after its device name.
      8. Click the multi-interface device icon (
        ) to see its interfaces with the primary interface identified at the top, and to access the Edit and Unmerge options.
    3. (Optional) Edit a multi-interface device.
      After creating a multi-interface device, you can later change the primary interface, merge more devices as interfaces into it, remove one or more interfaces from it, or unmerge all interfaces.
      To change the primary interface on a multi-interface device:
      1. Select AssetsDevices, click the multi-interface icon (
        ) to open the Interfaces panel for the device whose primary interface you want to change, and then Edit.
      2. Click Next to advance to the step where you select a primary interface.
      3. Select the interface that you want to make the new primary interface and then click Next.
      4. Review the settings to make sure the new primary interface is the one you want it to be and then Create.
      To add one or more interfaces to an existing multi-interface device:
      1. Select AssetsDevices, click the multi-interface icon (
        ) to open the Interfaces panel for the device to which you want to merge one or more single-interface devices as interfaces, and then Edit.
      2. Select one or more devices in the All Devices table that you want to convert from single, separate devices to interfaces on the multi-interface device and then click Next.
      3. Either keep the previously selected primary interface in its role or make another interface the primary if you want and then click Next.
      4. Create.
      To remove one or more interfaces—but not all—and return them to the inventory as individual single-interface devices while keeping the multi-interface devices:
      1. Select AssetsDevices, click the multi-interface icon (
        ) to open the Interfaces panel for the device whose interfaces you want to remove, and then Edit.
      2. Clear the selection of the interfaces that you want to remove from the multi-interface device and then click Next.
      3. Either keep the previously selected primary interface in its role or make another interface the primary if you want and then click Next.
      4. Create.
      To unmerge all interfaces:
      1. Select AssetsDevices, click the multi-interface icon (
        ) to open the Interfaces panel for the device whose interfaces you want to unmerge, and then Edit.
      2. Confirm the unmerge operation and return of each interface to an individual single-interface device.

    © 2026 Palo Alto Networks, Inc. All rights reserved.